
GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland.

The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.

Chinese iCloud users attempting to log in with Firefox and Chrome browsers would have been alerted to the fraudulent certificate.

Update: Apple has confirmed the ongoing attack, and says that Safari, and the iOS and Mac OS X logins to iCloud are unaffected by the attack. Apple has also changed the IP address for iCloud's web site in order to mitigate the attack and allow customers in China to connect to iCloud without interference.

This is hardly the first time that the Chinese government has used its control of the nation’s Internet infrastructure to attack the security of cloud and Web services. In August and early September, there was an apparent MITM attack on the Chinese messaging platform Weibo and on Google Plus. Earlier this month, there was a similar attack on Yahoo.com, apparently targeted at monitoring what citizens read online and allowing for content filtering of any news about the ongoing protests in Hong Kong. There is also an ongoing MITM attack against Microsoft’s Outlook.com Web mail platform.

Sean Gallagher
Sean is Ars Technica's IT and National Security Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland. Email: sean.gallagher@arstechnica.com // Twitter: @thepacketrat